优化准则:应使用单向加密算法对口令进行加密并存储

wuhaoyang
wuhaoyang 10 months ago
parent c0365cb297
commit 28d4ce998d
  1. 18
      sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java
  2. 2
      sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmCheckerTest.java
  3. 20
      sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.cc

@ -41,7 +41,6 @@ public class EncryptionAlgorithmChecker extends SquidCheck<Grammar> {
);
}
@Override
public void visitNode(AstNode astNode) {
var varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue();
@ -52,19 +51,20 @@ public class EncryptionAlgorithmChecker extends SquidCheck<Grammar> {
var callNode = next.getFirstDescendant(CxxGrammarImpl.postfixExpression);
if(callNode != null){
var callList = callNode.getDescendants(CxxGrammarImpl.className);
var funName = callList.get(callList.size() - 1).getTokenOriginalValue();
var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
if("generateHash".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> {
var name = item.getTokenOriginalValue();
return name != null && name.contains("password");
})){
cache.remove(varName);
if(!callList.isEmpty()) {
var funName = callList.get(callList.size() - 1).getTokenOriginalValue();
var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
if("hashpw".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> {
var name = item.getTokenOriginalValue();
return name != null && ("password".equals(name) || "salt".equals(name));
})){
cache.remove(varName);
}
}
}
next = next.getNextSibling();
}
cache.values().forEach(item->{
System.out.println("特定字段"+item.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue()+"未使用单向加密算法对口令进行加密并存储");
getContext().createLineViolation(this, "特定字段未使用单向加密算法对口令进行加密并存储", item);
});
}
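Review bot: The argument match `"password".equals(name) || "salt".equals(name)` is tied to literal identifier names rather than to the variable the rule is actually tracking, so a `hashpw` call on a credential with any other name never removes it from `cache` (false positive), while a call that merely passes an argument starting with `salt` removes `varName` even though that variable was never hashed (missed finding). The identifier whose storage is being judged is `varName`, so compare against it and drop the salt clause: `return name != null && varName.equals(name);` — this relies on `varName` staying effectively final for the lambda capture, which the earlier hunk suggests but the lines between the two hunks are outside this view. Separately, `getTokenOriginalValue()` on an `expressionList` node appears to yield only its first token, so an argument such as `user.password` would compare as `user`; if member access must be recognized, inspect the list's descendant tokens rather than its first one. Which variables are entered into `cache` in the first place is decided above line 52 and is not visible here; `visitNode` begins before this hunk.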

@ -29,7 +29,7 @@ public class EncryptionAlgorithmCheckerTest {
var tester = CxxFileTesterHelper.create("EncryptionAlgorithmChecker.cc");
SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
CheckMessagesVerifier.verify(file.getCheckMessages())
.next().atLine(8).withMessage("特定字段未使用单向加密算法对口令进行加密并存储")
.next().atLine(9).withMessage("特定字段未使用单向加密算法对口令进行加密并存储")
.noMore();
}
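Review bot: The expected text on the new `.next().atLine(9).withMessage("特定字段未使用单向加密算法对口令进行加密并存储")` line duplicates the checker's message literal verbatim, so the two can drift without any test noticing; expose it as `public static final String MESSAGE` on `EncryptionAlgorithmChecker` and assert `.withMessage(EncryptionAlgorithmChecker.MESSAGE)` here. The bump from line 8 to line 9 is only explained by the fixture rewrite in the same commit, so a one-line comment such as `// line 9: declaration of 'password' in EncryptionAlgorithmChecker.cc` would make the expectation self-describing. The test method starts before this hunk.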

@ -1,13 +1,23 @@
#include <iostream>
#include <string>
#include <bcrypt/BCrypt.hpp>
#include <bcrypt.h>
using namespace std;
using namespace bcrypt;
int main()
{
string password = "abc123"; // 初始化密码
int main() {
// 用户输入的原始密码
string password = "userPassword123";
// string hashedPassword = BCrypt::generateHash(password); // bcrypt 密码
// 使用cpp-bcrypt生成盐和哈希
// bcrypt::generate_salt(); // 生成一个随机盐
// string salt = bcrypt::get_salt();
// 使用盐和密码生成哈希
// string hashed_password;
// bcrypt::hashpw(password.c_str(), salt.c_str(), hashed_password);
// 打印生成的哈希值
// cout << "Generated bcrypt hash: " << hashed_password << endl;
return 0;
}
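Review bot: Every call the checker recognizes (`bcrypt::hashpw`) is commented out in the rewritten fixture, so the new argument-matching branch in the checker is never exercised and only the violation path is covered. Add a second function, or a second fixture file, in which `bcrypt::hashpw(password.c_str(), salt.c_str(), hashed_password);` is live and assert that no violation is reported for that `password`, and add a case where `hashpw` receives some other value so the violation on the untouched password is confirmed to survive. Whether `<bcrypt.h>` provides `bcrypt::hashpw` with this signature cannot be judged from the fixture alone, and it does not matter for the parser-level check, but a short comment saying the header is only a parsing stand-in would prevent a future reader from trying to compile it.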